When Reporting Security Initiatives To Management, Keep It Simple
- Reporting to a government agency is more complex than to a CEO or director, who typically prefer less technical analysis.
- Training and awareness among the team are just as important as compliance.
“To some, they hate measures, but to people who understand why measures are important, they will value why we are doing this. This is our tool to justify a budget.”
In her role managing security and other network functions for a large government entity in Abu Dhabi, Irene Corpuz has learned that, when it comes to reporting up, “keep it simple.” This means when preparing a report for the general manager, for example, she keeps the presentation to four pages, which she feels are already too many. “The first page is a title,” she says, “the second page is what is expected of the report, and the third and fourth pages are the main reports.” These reports focus heavily on two areas: risk level and governance.